AbstractMarshaller's DocumentBuilderFactory instance may be used by several threads simultaneously [SPR-13935] #18507
Description
Christophe Sourisse opened SPR-13935 and commented
Spring OXM provides an abstract support class - AbstractMarshaller - that helps discriminating between different Source / Result types when respectively unmarshalling / marshalling some data.
When it has to deal with some DOMSource or DOMResult, this class may build an empty DOM Document (see AbstractMarshaller#marshalDomResult, line 252) if the source or the result doesn't have any initially. This is done by the 'buildDocument' method (line 131).
Problem: a single and non-synchronized DocumentBuilderFactory instance (lazy-initialized) is used to build document builders within this 'buildDocument' method. However, depending on the DocumentBuilderFactory implementation used, the considered instance may not be thread-safe and, thus, some issues may be observed when several calls are made simultaneously to the same Marshaller/Unmarshaller instance.
A possible correction would be to synchronize the use of the DocumentBuilderFactory within 'buildDocument' using the 'documentBuilderFactoryMonitor' monitor variable:
protected Document buildDocument() {
// ...
DocumentBuilder documentBuilder;
synchronized (this.documentBuilderFactoryMonitor) {
if (this.documentBuilderFactory == null) {
this.documentBuilderFactory = createDocumentBuilderFactory();
}
documentBuilder = createDocumentBuilder(this.documentBuilderFactory);
}
// ... The document builder is ready for use ...
}Otherwise, it could be considered to instantiate a new document builder factory each time some is needed.
Could you please confirm the bug and handle it?
Thanks.
Affects: 3.2.16, 4.2.4
Referenced from: commits f61b998, ad10301, 5047e90
Backported to: 3.2.17